FK.LEGAL.PRIVACY · V1.0 Last updated 2026-05-21 FK.SYSTEM

Privacy.

FLYRKIT is a productized flyer subscription studio operated by 99agency (Família Assis Holding). This policy explains what personal data we collect, why we collect it, and the choices you have. It applies to flyrkit.com, the FK.PORTAL client portal, and any sub-domain operated by FLYRKIT. We comply with GDPR (EU), LGPD (Brazil), and CCPA (California). If our handling of your data is not what you expected, write to privacy@flyrkit.com — we read every message.

01 · Data we collect

When you sign up, brief a flyer, or pay an invoice we collect: your name and email address, the venue or brand you operate, billing information processed through Stripe or PayPal (we never store full card numbers), the details you submit on each brief (event name, date, lineup, logo, references), files you upload, and basic technical information such as IP address, browser, and language preference.

02 · Why we collect it

To deliver the service you paid for — producing, previewing, and shipping your flyers within the agreed SLA.
To bill you correctly and prevent fraudulent payments.
To improve FLYRKIT — aggregated, never tied to identifiable individuals without consent.
To comply with tax, accounting, and consumer-protection laws in the markets we operate in.

03 · Who we share it with

FLYRKIT shares data only with vetted processors required to deliver the service: cloud hosting (AWS, contracted in EU-Frankfurt and US-East), payment processors (Stripe, PayPal), email delivery (Postmark), and our internal production system, which lives on infrastructure owned by 99agency. We do not sell your data, do not run third-party ad-tech on the portal, and do not share data with brokers.

04 · How long we keep it

Account data remains active for as long as your subscription is open. After cancellation we keep your brand kit and library in archived form for 12 months so you can re-activate without losing work, then permanently delete it. Billing records are retained for the period required by tax law in the country of billing (typically 5–10 years). Consent records under LGPD/GDPR/CCPA are retained for the legal retention period.

05 · Your rights

You have the right to access, correct, export, and delete your personal data at any time. You can do most of this directly from the portal (account, billing, brand kit). For full export or deletion outside the portal flow, write to privacy@flyrkit.com from the email on file. We answer within 15 business days, often within 48 hours.

06 · International transfers

Because FLYRKIT operates in EN/ES/PT markets, your data may be processed in the EU, the US, or Brazil depending on routing. All transfers use Standard Contractual Clauses (SCCs) where required. Encryption in transit (TLS 1.2+) and at rest is standard.

07 · Security

Passwords are stored using PBKDF2-SHA256 with 120,000 rounds. Access to the production database is limited to two named operations engineers and audited. Magic-link tokens expire in 24 hours and are single-use. Bridge integrations carry idempotency and replay protection. We will notify you within 72 hours of any confirmed personal-data incident.

08 · Contact

Data controller: 99agency (Família Assis Holding). Data protection contact: privacy@flyrkit.com. Postal address available upon request. This document is the master English version. Translations into Spanish and Portuguese are provided for convenience; in case of conflict the English text controls.

FK.LEGAL.PRIVACY · 2026 · a 99agency company